def test_parse_issue4360(self):
"""Report from GitHub issue 4360
see: https://github.com/DefectDojo/django-DefectDojo/issues/4360
"""
testfile = open("dojo/unittests/scans/zap/dvwa_baseline_dojo.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
self.assertIsInstance(findings, list)
self.assertEqual(19, len(findings))
with self.subTest(i=0):
finding = findings[0]
self.assertEqual("X-Frame-Options Header Not Set", finding.title)
self.assertEqual("Medium", finding.severity)
self.assertEqual(12, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("http://172.17.0.2:80", endpoint.host)
endpoint = finding.unsaved_endpoints[1]
self.assertEqual("http", endpoint.protocol)
self.assertEqual("172.17.0.2", endpoint.host)
self.assertEqual('/vulnerabilities/brute/', endpoint.path)
with self.subTest(i=18):
finding = findings[18]
self.assertEqual("Private IP Disclosure", finding.title)
self.assertEqual("Low", finding.severity)
self.assertEqual(4, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
def test_parse_issue4360(self):
"""Report from GitHub issue 4360
see: https://github.com/DefectDojo/django-DefectDojo/issues/4360
"""
testfile = open("dojo/unittests/scans/zap/dvwa_baseline_dojo.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
self.assertIsInstance(findings, list)
self.assertEqual(19, len(findings))
for finding in findings:
self.assertIn(finding.severity, Finding.SEVERITIES)
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
with self.subTest(i=0):
finding = findings[0]
self.assertEqual("X-Frame-Options Header Not Set", finding.title)
self.assertEqual("Medium", finding.severity)
self.assertEqual("10020", finding.vuln_id_from_tool)
self.assertEqual(11, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("172.17.0.2", endpoint.host)
self.assertEqual(80, endpoint.port)
endpoint = finding.unsaved_endpoints[1]
self.assertEqual("http", endpoint.protocol)
self.assertEqual("172.17.0.2", endpoint.host)
self.assertEqual("vulnerabilities/sqli_blind/", endpoint.path)
with self.subTest(i=18):
finding = findings[18]
self.assertEqual("Private IP Disclosure", finding.title)
self.assertEqual("Low", finding.severity)
self.assertEqual("2", finding.vuln_id_from_tool)
self.assertEqual(3, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
def test_parse_some_findings_3(self):
testfile = open(
"dojo/unittests/scans/zap/3_zap_sampl_0_and_different_severities.xml"
)
parser = ZapParser()
findings = parser.get_findings(testfile, self.get_test())
self.assertIsInstance(findings, list)
def test_parse_some_findings_5(self):
testfile = open("dojo/unittests/scans/zap/5_zap_sample_one.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertIsInstance(findings, list)
def test_parse_some_findings(self):
testfile = open("dojo/unittests/scans/zap/some_2.9.0.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertEqual(7, len(findings))
def test_parse_some_findings_0(self):
testfile = open("dojo/unittests/scans/zap/0_zap_sample.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
self.assertIsInstance(findings, list)
self.assertEqual(4, len(findings))
for finding in findings:
self.assertIn(finding.severity, Finding.SEVERITIES)
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
def test_parse_some_findings_3(self):
testfile = open(
"dojo/unittests/scans/zap/3_zap_sampl_0_and_different_severities.xml"
)
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertIsInstance(findings, list)
def test_parse_issue4697(self):
"""Report from GitHub issue 4697
see: https://github.com/DefectDojo/django-DefectDojo/issues/4697
"""
testfile = open("dojo/unittests/scans/zap/zap-results-first-scan.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertIsInstance(findings, list)
self.assertEqual(15, len(findings))
for finding in findings:
self.assertIn(finding.severity, Finding.SEVERITIES)
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
with self.subTest(i=0):
finding = findings[0]
self.assertEqual(
"User Controllable HTML Element Attribute (Potential XSS)",
finding.title)
self.assertEqual("Info", finding.severity)
self.assertEqual("10031", finding.vuln_id_from_tool)
self.assertEqual(11, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("http", endpoint.protocol)
self.assertEqual("bodgeit.securecodebox-demo.svc", endpoint.host)
self.assertEqual(8080, endpoint.port)
endpoint = finding.unsaved_endpoints[1]
self.assertEqual("http", endpoint.protocol)
self.assertEqual("bodgeit.securecodebox-demo.svc", endpoint.host)
self.assertEqual("bodgeit/product.jsp", endpoint.path)
with self.subTest(i=14):
finding = findings[14]
self.assertEqual("PII Disclosure", finding.title)
self.assertEqual("High", finding.severity)
self.assertEqual("10062", finding.vuln_id_from_tool)
self.assertEqual(359, finding.cwe)
self.assertEqual(1, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("http", endpoint.protocol)
self.assertEqual("bodgeit.securecodebox-demo.svc", endpoint.host)
self.assertEqual("bodgeit/contact.jsp", endpoint.path)
def test_parse_juicy(self):
"""Generated with OWASP Juicy shop"""
testfile = open("dojo/unittests/scans/zap/juicy2.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
for finding in findings:
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
self.assertIsInstance(findings, list)
self.assertEqual(6, len(findings))
for finding in findings:
self.assertIn(finding.severity, Finding.SEVERITIES)
for endpoint in finding.unsaved_endpoints:
endpoint.clean()
with self.subTest(i=0):
finding = findings[0]
self.assertEqual("Incomplete or No Cache-control Header Set",
finding.title)
self.assertEqual("Low", finding.severity)
self.assertEqual("10015", finding.vuln_id_from_tool)
self.assertEqual(20, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("https", endpoint.protocol)
self.assertEqual("juice-shop.herokuapp.com", endpoint.host)
self.assertEqual(443, endpoint.port)
endpoint = finding.unsaved_endpoints[1]
self.assertEqual("https", endpoint.protocol)
self.assertEqual("juice-shop.herokuapp.com", endpoint.host)
self.assertEqual("assets/public/polyfills-es2018.js",
endpoint.path)
with self.subTest(i=5):
finding = findings[5]
self.assertEqual("CSP: Wildcard Directive", finding.title)
self.assertEqual("Medium", finding.severity)
self.assertEqual("10055", finding.vuln_id_from_tool)
self.assertEqual(693, finding.cwe)
self.assertEqual(2, len(finding.unsaved_endpoints))
endpoint = finding.unsaved_endpoints[0]
self.assertEqual("https", endpoint.protocol)
self.assertEqual("juice-shop.herokuapp.com", endpoint.host)
self.assertEqual("assets", endpoint.path)
def test_parse_no_findings(self):
testfile = open("dojo/unittests/scans/zap/empty_2.9.0.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, Test())
self.assertIsInstance(findings, list)
self.assertEqual(0, len(findings))
def test_parse_some_findings_5(self):
testfile = open("dojo/unittests/scans/zap/5_zap_sample_one.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, self.get_test())
self.assertIsInstance(findings, list)
def test_parse_some_findings_2(self):
testfile = open(
"dojo/unittests/scans/zap/2_zap_sample_0_and_new_endpoint.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, self.get_test())
self.assertIsInstance(findings, list)
def test_parse_some_findings(self):
testfile = open("dojo/unittests/scans/zap/some_2.9.0.xml")
parser = ZapParser()
findings = parser.get_findings(testfile, self.get_test())
self.assertEqual(7, len(findings))